- Information Gathering

Nmap ("Network Mapper") is a free and open source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts.

Maltego is a unique platform developed to deliver a clear threat picture to the environment that an organization owns and operates. Maltego’s unique advantage is to demonstrate the complexity and severity of single points of failure as well as trust relationships that exist currently within the scope of your infrastructure.

CMS Explorer is designed to reveal the the specific modules, plugins, components and themes that various CMS driven web sites are running.

Additionally, CMS Explorer can be used to aid in security testing. While it performs no direct security checks, the "explore" option can be used to reveal hidden/library files which are not typically accessed by web clients but are nonetheless accessible. This is done by retrieving the module's current source tree and then requesting those file names from the target system. These requests can be sent through a distinct proxy to help "bootstrap" security testing tools like Burp, Paros, Webinspect, etc.

AutoScan-Network is a network scanner (discovering and managing application). No configuration is required to scan your network. The main goal is to print the list of connected equipments in your network.

WinDump is the Windows version of tcpdump, the command line network analyzer for UNIX. WinDump is fully compatible with tcpdump and can be used to watch, diagnose and save to disk network traffic according to various complex rules. It can run under Windows 95, 98, ME, NT, 2000, XP, 2003 and Vista.

WinDump captures using theWinPcap library and drivers, which are freely downloadable from the WinPcap.org website. WinDump supports 802.11b/g wireless capture and troubleshooting through the Riverbed AirPcap adapter.

WebCruiser - Web Vulnerability Scanner, an effective and powerful web penetration testing tool that will aid you in auditing your website! It has a Vulnerability Scanner and a series of security tools.

It can support scanning website as well as POC (Proof of concept) for web vulnerabilities: SQL Injection, Cross Site Scripting, XPath Injection etc. So, WebCruiser is also an automatic SQL injection tool, an XPath injection tool, and a Cross Site Scripting tool.

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6500 potentially dangerous files/CGIs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.

w3af, is a Web Application Attack and Audit Framework. The w3af core and it's plugins are fully written in python. The project has more than 130 plugins, which check for SQL injection, cross site scripting (xss), local and remote file inclusion and much more.

- Exploitation Tools

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page.

It can take advantage of a vulnerable web application. By using this software user can perform back-end database fingerprint, retrieve DBMS users and password hashes, dump tables and columns, fetching data from the database, running SQL statements and even accessing the underlying file system and executing commands on the operating system.

fimap is a little python tool which can find, prepare, audit, exploit and even google automaticly for local and remote file inclusion bugs in webapps. fimap should be something like sqlmap just for LFI/RFI bugs instead of sql injection. It's currently under heavy development but it's usable.

Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.

It contains several options to try to bypass certain filters, and various special techniques of code injection.Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.

It contains several options to try to bypass certain filters, and various special techniques of code injection.

- Hash Cracker

John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are Windows LM hashes, plus lots of other hashes and ciphers in the community-enhanced version.

Hashcat is a multi-threaded cracker, so if your CPU can run several threads, it will use them. But the real speed comes into play when using the horsepower of a GPU. If your GPU can run hundreds of threads, all of this power is used to break passwords.

SQLI Hunter is an automation tool to scan for an Sql Injection vulnerability in a website.It automates the search of sqli vulnerable links from Google using google dorks! SQLI Hunter can also find admin page of any website by using some predefined admin page lists.download Sqli Hunter

- Dork SearcherDork Searcher is a small utility that enables you to easily use Google to search for SQLi vulnerable web servers. Saves the results in a text or XML file. Uses the Tor VPN/Proxy client or your own Socks 4a or 5 proxy server for anonymity. Over 350 Google Dorks included. Easily add your own to the list by simply editing a text file.download Dork Searcher- ICFsqli CrawlerThis tool helps u to scan sql injection vulnerablity on 1000s of websites , by just giving the ip of the server .This is one of the best & worlds fastest mass sqli scanner , coded by INDiAn CyBER FORCE (b47chguru).download ICFsqli Crawler- Xcode Exploit Scanner
this is the great tools to find vulnerability using dork, I was try it and it look awesome

download Xcode Exploit Scanner- BinGooBinGoo is my version of an all-in-one dorking tool written in pure bash. It leverages Google AND Bing main search pages to scrape a large amount of links based on provided search terms. You can choose to search a single dork at a time or you can make lists with one dork per line and perform mass scans. Once your done with that, or maybe you have links gathered from other means, you can move to the Analyzing tools to test for common signs of vulnerabilities.download BinGoo

- GooDorkGooDork is a simple python script designed to allow you to leverage thepower of google dorking straight from the comfort of your command line.GooDork offers powerfull use of googles search directives, by analyzing resultsfrom searches using regular expressions that you supply.So basically the purpose of GooDork is to combined Dorking with Regular expressionsdownload GooDork- Gr3NoX exploit scannerGr3NoX scan for vulnerability with google dork, you can scan sqli, LFI/RFI, and xss.download Gr3NoX exploit scanner- Revtan Toolsthis is the PHP dork scanner, so you need to install it into you localhost or in your webhost.download Revtanpassword : hocib0.blogspot.com

Wednesday, May 8, 2013

first we need to download joomla and xampp
download joomla here
download xampp here
here I use joomla 2.5.4 for example but you can download the other version too.

after your download was complete install xampp, and create folder and extract the joomla.zip file into your new xampp folder . usually at C:\xampp\htdocs\your_folder. on this example I give "joomla" as the folder name.

then run the xampp program and activate apache and mysql.

go to browser and type http://localhost/phpmyadmin to create a new database for our joomla. I give my databse name "joomla" just for example, you can use the other name.

Tuesday, April 30, 2013

This is list of the best web vulnnerability scanner.. hope you like it.

- arachni

Arachni is an Open Source, feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. Arachni is smart, it trains itself by learning from the HTTP responses it receives during the audit process and is able to perform meta-analysis using a number of factors in order to correctly assess the trustworthiness of results and intelligently identify false-positives. Unlike other scanners, it takes into account the dynamic nature of web applications, can detect changes caused while travelling through the paths of a web application's cyclomatic complexity and is able to adjust itself accordingly. This way attack/input vectors that would otherwise be undetectable by non-humans are seamlessly handled by Arachni. Moreover, Arachni yields great performance due to its asynchronous HTTP model (courtesy of Typhoeus) -- especially when combined with a High Performance Grid setup which allows you to combine the resources of multiple nodes for lightning fast scans. Thus, you'll only be limited by the responsiveness of the server under audit. Finally, it is versatile enough to cover a great deal of use cases, ranging from a simple command line scanner utility, to a global high performance grid of scanners, to a Ruby library allowing for scripted audits.

- acunetix

Acunetix was founded with this threat in mind. It was understood that the only way to combat website hacking was to develop an automated tool that could help companies scan their web applications to identify and resolve exploitable vulnerabilities. In July 2005, Acunetix Web Vulnerability Scanner was released - a heuristic tool designed to replicate a hacker's methodology to find dangerous vulnerabilities -- like SQL injection and cross site scripting -- before hackers do. Acunetix WVS brings an extensive feature-set of both automated and manual penetration testing tools, enabling security analysts to perform a complete vulnerability assessment, and repair detected threats, with just the one product.
The Acunetix development team consists of highly experienced security developers, all with extensive development experience in network security scanning software prior to working on Acunetix WVS. The management team is backed by years of experience in marketing and selling security software.

- burp suite

Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.
Burp gives you full control, letting you combine advanced manual techniques with state-of-the-art automation, to make your work faster, more effective, and more fun.

- nikto

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6500 potentially dangerous files/CGIs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.

- w3af

w3af (short for web application attack and audit framework) is an open-source web application security scanner. The project provides a vulnerability scanner and exploitation tool for Web applications. It provides information about security vulnerabilities and aids in penetration testing efforts.
This cross-platform tool is available in all of the popular operating systems such as Microsoft Windows, Linux, Mac OS X, FreeBSD and OpenBSD and is written in the Python programming language. Users have the choice between a graphic user interface and a command-line interface.

- skipfish

Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.

this is the best tools for sql injection, hope you like it.- sqlmapsqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.download sqlmap- havij

Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page. it can take advantage of a vulnerable web application. By using this software user can perform back-end database fingerprint, retrieve DBMS users and password hashes, dump tables and columns, fetching data from the database, running SQL statements and even accessing the underlying file system and executing commands on the operating system. The power of Havij that makes it different from similar tools is its injection methods. The success rate is more than 95% at injectiong vulnerable targets using Havij. The user friendly GUI (Graphical User Interface) of Havij and automated settings and detections makes it easy to use for everyone even amateur users.

The Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique

Sqlninja's goal is to exploit SQL injection vulnerabilities on web applications that use Microsoft SQL Server as back end. It is released under the GPLv2.There are a lot of other SQL injection tools out there but sqlninja, instead of extracting the data, focuses on getting an interactive shell on the remote DB server and using it as a foothold in the target network.download sqlninja- bsql hacker

Avast! is - both freeware and payable - antivirus computer program with user interface that includes 41 languages, available to Microsoft Windows, Mac OS X and Linux users. The name Avast is an acronym of "Anti-Virus – Advanced Set".The official, and current logo of Avast! is a white orb with the letter 'a' on it and an orange circle around it, sticking out to four directions.